Mouse Trap: Exploiting Firmware Updates in USB Peripherals
Jacob Maskiewicz, Benjamin Ellis, James Mouradian, and Hovav Shacham, University of California, San Diego
Although many users are aware of the threats that malware pose, users are unaware that malware can infect peripheral devices. Many embedded devices support firmware update capabilities, yet they do not authenticate such updates; this allows adversaries to infect peripherals with malicious firmware. We present a case study of the Logitech G600 mouse, demonstrating attacks on networked systems which are also feasible against air-gapped systems.
If the target machine is air-gapped, we show that the Logitech G600 has enough space available to host an entire malware package inside its firmware. We also wrote a file transfer utility that transfers the malware from the mouse to the target machine. If the target is networked, the mouse can be used as a persistent threat that updates and reinstalls malware as desired.
To mitigate these attacks, we implemented signature verification code which is essential to preventing malicious firmware from being installed on the mouse. We demonstrate that it is reasonable to include such signature verification code in the bootloader of the mouse.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jacob Maskiewicz and Benjamin Ellis and James Mouradian and Hovav Shacham},
title = {Mouse Trap: Exploiting Firmware Updates in {USB} Peripherals},
booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/woot14/workshop-program/presentation/maskiewicz},
publisher = {USENIX Association},
month = aug
}